Transcription
Exchange 2010 Journaling GuideWebsense Em ail Secur ity Solutionsv 7 .3
Websense Advanced Email EncryptionCopyright 1996-2011 Websense, Inc. All rights reserved.This document contains proprietary and confidential information of Websense, Inc. The contents of this document may not be disclosed to thirdparties, copied, or duplicated in any form, in whole or in part, without prior written permission of Websense, Inc.Websense and the Websense Logo are registered trademarks of Websense, Inc. in the United States and/or other countries. Websense has numerousother unregistered trademarks in the United States and internationally. All other trademarks are the property of their respective owners.Every effort has been made to ensure the accuracy of this manual. However, Websense Inc. makes no warranties with respect to this documentationand disclaim any implied warranties of merchantability and fitness for a particular purpose. Websense Inc. shall not be liable for any error or forincidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The informationin this documentation is subject to change without notice.
ContentsWhat is journaling? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1Envelope versus standard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2Message size limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2Journaling prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2Set up the journaling process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2Create a journaling contact . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3Create an SMTP send connector . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4Activate journaling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Create a distribution group and add members (select users only) . . 10Implement journal rules (select users only) . . . . . . . . . . . . . . . . . . . 11Disable NDRs (non-delivery reports) . . . . . . . . . . . . . . . . . . . . . . . 13Troubleshooting tips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16Journaling best practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Remove Exchange 2010 journaling setup . . . . . . . . . . . . . . . . . . . . . . . 19Remove address space domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20Deactivate journaling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20Remove journal rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22Remove the distribution group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23Remove SMTP send connector . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23Remove the journaling contact . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Exchange 2010 Journaling Guide 1
Contents2 WebsenseEmail Security Solutions
1Exchange 2010 JournalingGuideFor regulatory and compliance reasons, many organizations are required to journal allcommunications in their organization, including email communication.Microsoft Exchange Server provides a mechanism for journaling email messages.This mechanism can capture messages flowing through any MTA, including those inWebsense email security solutions.To use Exchange message journaling with Websense security products, you arerequired to have the Websense Email Archive add-on installed. Exchange messagejournaling works together with Websense Email Archive to record information aboutincoming and outgoing email messages.This guide explains how to set up journaling for Microsoft Exchange 2010. Itexplains: What is journaling?, page 1 Journaling prerequisites, page 2 Set up the journaling process, page 2 Troubleshooting tips, page 16 Journaling best practices, page 18 Remove Exchange 2010 journaling setup, page 19What is journaling?Journaling is the ability to record all communications. Archiving, on the other hand,refers to reducing the strain of storing data by backing it up, removing it from itsnative environment, and storing it elsewhere. You can use Exchange journaling as atool in your email retention or archival strategy.Journaling is an operation on a customer's mail server that collects all email- inbound,outbound and internal- and can automatically and securely forward a copy to thearchive.Journaling does not capture existing messages stored in users' active mailboxes: itonly captures new messages. As journaling captures new messages "in flight," userscannot alter nor delete email before it is archived.Exchange 2010 Journaling Guide 1
Exchange 2010 Journaling GuideAlso, journaling does not capture miscellaneous items like contacts, calendar items ortasks. Consequently these items will not be saved in the archive.Envelope versus standardIn Exchange 2000 and 2003, the default method to capture messages sent to and fromusers ("Standard Journaling") does not capture all message header content like BCCrecipients or distribution lists. As a result, later Exchange versions containapplications to capture this additional message information.The new method to capture messages ("Envelope Journaling") forwards a single emailto the Archive as an envelope with two parts: a report of message recipientinformation and the actual message (which becomes an attachment). EnvelopeJournaling associates all users with a message, including CC and BCC recipients andmembers of distribution groups. All envelope information is saved in the Archive.By default, Exchange 2010 Journaling is Envelope format.Message size limitMessage size limit is currently 50MB for the Cloud Archive and 20MB forAdvisorMail. If you are dual-journaling to both Archives, your message size limit is20MBOversized messages sent via journaling cannot be saved in the Archive. If an email isoversized because of its attachments, neither the message nor the attachments will bearchived.Journaling prerequisitesThe following permissions and Microsoft Exchange components are required toconfigure Journaling for Exchange 2010.Exchange Server Prerequisites:1. Fully configured installation of Exchange2. Administrator access to the serverSet up the journaling processTo configure Journaling on your Exchange 2010 server, follow these steps:1. Create a journaling contact2. Create an SMTP send connector3. Activate journaling2 Websense Email Security Solutions
Exchange 2010 Journaling Guide4. Create a distribution group and add members (select users only)5. Implement journal rules (select users only)6. Disable NDRs (non-delivery reports)Create a journaling contact1. Select Start All Programs Microsoft Exchange Server 2010 Exchange Management Console.2. Click the sign to the left of your Exchange server.3. Click the sign to the left of Recipient Configuration.4. Click Mail Contact under Recipient Configuration.5. In the Mail Contact page (a), click New Mail Contact in the Actions pane(b).6. Select the New Contact option (a) and then click Next (b).7. In the New Mail Contact window, type Journaling in the First Name field,Contact in the Last Name field and Journaling Contact in the Alias field (a).Click Edit (b).Exchange 2010 Journaling Guide 3
Exchange 2010 Journaling Guide8. Type the journaling address provided to you (a) and then click OK (b).NoteThe journaling address is unique to your organization. Ifyou have not been provided with this address, pleasecontact support.9.Click Next.10. Click New.11. Click Finish.You have successfully created a journaling contact as shown below.Create an SMTP send connector1. Select Start All Programs Microsoft Exchange Server 2010 Exchange Management Console.2. Click the sign to the left of your Exchange server.3. Click the sign to the left of Organization Configuration.4. Click Hub Transport.5. Click the Send Connectors tab.6. In the Actions pane, click New Send Connector.4 Websense Email Security Solutions
Exchange 2010 Journaling Guide7. Type Journaling Connector for the Name field, for the Select the intendeduse for this Send connector drop-down list, select Custom (a). Click Next(b).8. Click Add. The SMTP Address Space window opens.Exchange 2010 Journaling Guide 5
Exchange 2010 Journaling Guide9. In the Address field, type the Address Space (a). Leave the cost at 1 and thenclick OK (b).10. Click Next.11. Select the Route mail through the following smart hosts option and thenclick Add.12. Select the Fully qualified domain name (FQDN) option, type the smart hostprovided to you and then click OK.13. Click Next.6 Websense Email Security Solutions
Exchange 2010 Journaling Guide14. Select None for the Configure smart host authentication settings and thenclick Next.NoteExchange 2010 servers automatically send all outboundemail via TLS encryption: no outbound securityconfiguration is required by the Administrator.15. Click Next.16. Click New.17. Click Finish.You have successfully created a send connector as shown below.Activate journaling1. Select Start All Programs Microsoft Exchange Server 2010 Exchange Management Console.2. Click the sign to the left of your Exchange server.Exchange 2010 Journaling Guide 7
Exchange 2010 Journaling Guide3. Click the sign to the left of Organization Configuration.4. Click Mailbox.5. In the Database Management tab, right click your mailbox database and selectProperties.6. Click the Maintenance tab.8 Websense Email Security Solutions
Exchange 2010 Journaling Guide7. Select the Journal Recipient check box (a), and then click Browse (b).Exchange 2010 Journaling Guide 9
Exchange 2010 Journaling Guide8. Select Journaling Contact (a) and then click OK (b).9. Click OK.You have successfully activated message journaling.Create a distribution group and add members (select users only)1. Select Start All Programs Microsoft Exchange Server 2010 Exchange Management Console.2. Click the sign to the left of your Exchange server.3. Click the sign to the left of Recipient Configuration.4. Click Distribution Group.5. In the Actions pane, click New Distribution Group.6. Select the New Group option and then click Next.10 Websense Email Security Solutions
Exchange 2010 Journaling Guide7. In the New Distribution Group window, type Journaling Distro in the Namefield and Alias field (a). Click Next (b).8. Click New.9. Click Finish.You have successfully created a distribution group.Add the users whose email messages you want journaled to the Journaling Distrodistribution group.Implement journal rules (select users only)1. Select Start All Programs Microsoft Exchange Server 2010 Exchange Management Console.2. Click the sign to the left of your Exchange server.3. Click the sign to the left of Organization Configuration.4. Click Hub Transport.5. Click the Journal Rules tab.6. In the Actions pane, click New Journal Rule. The New Journal Rule windowappears.Exchange 2010 Journaling Guide 11
Exchange 2010 Journaling Guide7. In the Rule Name field, type Journaling Rule (a) and then click Browse (b).8. Select Journaling Contact from the list and then click OK.9. Select the Journal messages for recipient check box and then click Browse.12 Websense Email Security Solutions
Exchange 2010 Journaling Guide10. Select Journaling Distro from the list (a) and click OK (b).11. Click New.12. Click Finish.You have successfully implemented journal rules for select users in your organization.Disable NDRs (non-delivery reports)1. Select Start All Programs Microsoft Exchange Server 2010 Exchange Management Console.2. Click the sign to the left of your Exchange server.3. Click the sign to the left of Organization Configuration.4. Click Hub Transport.5. Click the Remote Domains tab.6. In the Actions pane, click New Remote Domain. The New Remote Domainwindow opens.Exchange 2010 Journaling Guide 13
Exchange 2010 Journaling Guide7. In the Name field, type a name for the remote domain (a), in the Domainname field, type the domain name of the Address Space provided to you inthe Domain name field (b). Click New (c).NoteIf your Address Space [email protected], then the AddressSpace domain is AddressSpace.com.8. Click Finish.14 Websense Email Security Solutions
Exchange 2010 Journaling Guide9. Right click Address Space Domain and then select Properties.10. Click the Message Format tab.Exchange 2010 Journaling Guide 15
Exchange 2010 Journaling Guide11. Ensure the Allow non-delivery reports check box is deselected (a) and thenclick OK (b).12. You have successfully disabled NDRs.NoteYour Journaling set up is now complete. If you encounterany problems with the journaling process, or if journalingstops, please refer to the Troubleshooting tips below. Ifjournaling stops for an extended period of time, we cannotrecover lost email.Troubleshooting tips Make sure the Journaling Contact SMTP Email Address (journal addressprovided to you) is spelled correctlyRestart the Microsoft Exchange Transport Service.16 Websense Email Security Solutions
Exchange 2010 Journaling Guidea. Click Start and then click Run.b. Type services.msc in the text box (a) and click OK (b).c. Locate and click the Microsoft Exchange Transport service (a) andclick Restart (b).d. A dialog displays with the following message: "Microsoft ExchangeTransport service is being restarted." When the dialog closes, you havesuccessfully restarted the service. Your firewall may be blocking outbound email messages.a. Many firewalls can block email messages sent using TLS encryption,even if they are set to allow all outbound email messages.Exchange 2010 Journaling Guide 17
Exchange 2010 Journaling Guideb. If you have a Cisco firewall, chances are very high that the ESMTPpacket inspection is enabled and blocking the TLS-encrypted emailmessages. For more information, visit Cisco support by clicking on thelink below or copying and pasting it into your web browser. /release/notes/asarn723.html#wp219670 Verify there are no enabled Send Connectors utilizing the domain name of thecontact being journaled to. Get-SendConnector Where { .AddressSpaces –match "domain.com" If you get a match on one, then there is a send connectorhandling that domains email.Check if you are having a connection issue.a. Issue telnet to smarthost (i.e. telnet ssljournal.advisormail.net 25) thisshould return a 220 banner, seen in the figure below.Journaling best practices Contact Archiving Support if you make any changes to your host provider orupgrade your Exchange Server. You will be provided new setup instructions toupdate your journaling configuration.Monitor your Exchange Server for issues.When adding or deleting a user mailbox on your Exchange Server, make sure youalso update that user in the Archive Administration taMake sure you hide the journal recipient(s) from your Global Address List(GAL).Envelope Journaling using journaling rules When journaling rules are implemented under the Hub transport, exchangetransport agent is executed first and can conflict with messages being archive(if there’s transport rules to drop messages). You need to set the journalingagent as first priority using the steps below. Once this is set even messagesthat are meant to drop will be archived. Open EMSSet-transport agent: identity is "journaling agent," priority is "1".18 Websense Email Security Solutions
Exchange 2010 Journaling Guide I want to journal all messages on my Exchange server, but do not want to enablejournaling on each mailbox store.Create a new journaling rule, seen in the figure below. On Send journal reports to e-mail address, click Browse to select a contact. Select Global – all messages. Restart services (services.msc) for MSExchangeTransport or via aCommand window by typing net stop msexchangetransport & net startmsexchangetransport.Ensure the Journal messages for recipient option is deselected. Selectingthis will journal all messages for all users for the entire Organization.Verify the journaling mailbox is set to allow mail only from Microsoft Exchangeand Authenticated Senders Only.Set-Mailbox Journal Mailbox Name -AcceptMessagesOnlyFrom "MicrosoftExchange" –RequireSenderAuthenticationEnabled: trueRemove Exchange 2010 journaling setupThere are 2 ways to remove Exchange 2007 Journaling setup:Remove Exchange 2007 Journaling setup for all users, follow these steps:Exchange 2010 Journaling Guide 19
Exchange 2010 Journaling Guide1. Remove address space domain2. Deactivate journaling3. Remove SMTP send connector4. Remove the journaling contactRemove Exchange 2007 Journaling setup for select users, follow these steps:1. Remove address space domain2. Remove journal rule3. Remove the distribution group4. Remove SMTP send connector5. Remove the journaling contactNoteOnly complete the above steps if you wish to stop sendingemail to the Archive. Once you remove the journalingsetup, email cannot be saved in the Archive.Remove address space domain1. Open the Exchange Management Console window by selecting Start - AllPrograms - Microsoft Exchange Server 2010 - Exchange ManagementConsole.2. Select the sign to the left of your Exchange server.3. Select the sign to the left of Organization Configuration.4. Select Hub Transport.5. Click the Remote Domains tab.6. Right click Address Space Domain and then select Remove.7. Click Yes to confirm.You have successfully removed the Address Space Domain.Deactivate journaling1. Open the Exchange Management Console window by selecting Start - AllPrograms - Microsoft Exchange Server 2010 - Exchange ManagementConsole.2. Select the sign to the left of your Exchange server.3. Select the sign to the left of Organization Configuration.4. Select Mailbox.20 Websense Email Security Solutions
Exchange 2010 Journaling Guide5. Within the Database Management tab, right-click your mailbox databaseand select Properties from the drop-down menu.Exchange 2010 Journaling Guide 21
Exchange 2010 Journaling Guide6. Select the Maintenance tab within the resulting Mailbox Database Propertieswindow. Deselect the Journal Recipient check box (a) and then click OK(b).You have successfully deactivated journalingRemove journal rule1. Open the Exchange Management Console window by selecting Start - AllPrograms - Microsoft Exchange Server 2010 - Exchange ManagementConsole.2. Select the sign to the left of Organization Configuration.3. Select Hub Transport.4. Select the Journaling tab.5. Select the Journal Rule whose Journal Email Address, from within the list,that matches the journaling address used during the journaling setup (a) andselect Remove in the right-hand Actions pane (b).22 Websense Email Security Solutions
Exchange 2010 Journaling Guide6. Click Yes in the resulting confirmation dialog box.You have successfully deleted the Journal Rule.Remove the distribution group1. Open the Exchange Management Console window by selecting Start - AllPrograms - Microsoft Exchange Server 2010 - Exchange ManagementConsole.2. Select the sign to the left of Recipient Configuration.3. Select Distribution Group.4. Select the Distribution Group for the journaling setup you are deleting (a),from within the list, and click Remove in the Actions pane (b).5. Select Yes in the resulting confirmation dialog box.You have successfully deleted the Journaling Distribution Group.Remove SMTP send connector1. Open the Exchange Management Console window by selecting Start - AllPrograms - Microsoft Exchange Server 2010 - Exchange ManagementConsole.2. Select the sign to the left of Organization Configuration.3. Select Hub Transport.4. Select the Send Connectors tab.5. Your Send Connectors display in a list. To find the Send Connector associatedwith your journaling setup, follow these steps:Exchange 2010 Journaling Guide 23
Exchange 2010 Journaling Guidea. From the Send Connectors tab, right-click a Send Connector from withinthe list, and then select Properties.24 Websense Email Security Solutions
Exchange 2010 Journaling Guideb. Select the Address Space tab, within the Journaling Connector Propertiesdialog box. If the address listed (a) matches the Address Space usedduring the journaling setup, then this Send Connector must be deleted.Click Cancel (b) to close the dialog box.NoteIf the address listed does not match the Address Spaceused during the journaling setup, repeat the above steps.Exchange 2010 Journaling Guide 25
Exchange 2010 Journaling Guide6. Select the Send Connector that needs to be deleted, from within the SendConnectors list (a), and select Remove in the right-hand Actions pane (b).7. Select Yes on the resulting warning dialog box.You have successfully deleted the SMTP Send Connector.Remove the journaling contact1. Open the Exchange Management Console window by selecting Start - AllPrograms - Microsoft Exchange Server 2010 - Exchange ManagementConsole.2. Select the sign to the left of Recipient Configuration.3. Select Mail Contact, within the Recipient Configuration node.4. Your Mail Contacts display in a list. To find the Mail Contact associated withyour journaling setup, follow these steps:a. Right-click a Mail Contact, from within the list, and then selectProperties.26 Websense Email Security Solutions
Exchange 2010 Journaling Guideb. Select the Email Addresses tab. If the external email address (a) matchesthe Journaling Address used during the journaling setup, this MailContact must be deleted. Select Cancel (b) to close the dialog box.NoteIf the external address listed does not match the JournalAddress used during the journaling setup, repeat the abovesteps.Exchange 2010 Journaling Guide 27
Exchange 2010 Journaling Guide5. Select the Mail Contact that needs to be deleted, from within the list (a), andthen select Remove in the right-hand Actions pane (b).6. Select Yes on the resulting warning dialog box.You have successfully removed the Exchange 2010 journaling setup.28 Websense Email Security Solutions
1. Select Start All Programs Microsoft Exchange Server 2010 Exchange Management Console. 2. Click the sign to the left of your Exchange server. 3. Click the sign to the left of Recipient Configuration. 4. Click Mail Contact under Recipient Configuration. 5. In the Mail Contact pag
